On July 20, 2023, the Federal Trade Commission (“FTC”) and the Office for Civil Rights of the United States Department of Health and Human Services (“OCR”) announced that they had sent a warning letter to about 130 hospital systems and telehealth providers, alerting them about the risks and concerns of using online tracking technologies, such as the Meta/Facebook pixel and Google Analytics, which can track users’ online activities.

In the letter, the FTC and OCR reiterated the risks posed by the unauthorized disclosure of an individuals’ personal health information—such as health conditions, diagnoses, and medications, among other items—to third parties. These concerns, particularly as they related to the use of online tracking technologies by HIPAA Covered Entities and Business Associates, were highlighted in OCR’s Bulletin issued last year and about which we previously wrote.

The FTC also reminded companies not covered by HIPAA that they still have a responsibility to protect against the unauthorized disclosure of personal health information, highlighting its recent enforcement actions against BetterHelp and GoodRx, about which we also previously wrote.  Such enforcement actions related to those companies’ sharing of health information with third parties that use online tracking technologies integrated into the companies’ websites and apps without users’ awareness. 

Additional information about the risks relating to online tracking technologies can be found on the FTC’s Blog.  We will continue to monitor for additional enforcement actions in this area.

Posted in Data Privacy Laws, FTC Enforcement, HIPAA, Medical Privacy
Tags: data privacy, enforcement action, FEDERAL TRADE COMMISSION (FTC), HIPAA Privacy Rule, OCR Bulletin, online tracking technologies, personal health information, personal information, United States Department of Health and Human Services
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Ryan P. Blaney Ryan P. Blaney

Ryan Blaney represents health care, life science, and technology clients in a range of regulatory, enforcement, internal investigative and transactional matters, with particular expertise in privacy law, life sciences and digital health. He also has expertise in regulatory compliance, counseling clients on a…

Ryan Blaney represents health care, life science, and technology clients in a range of regulatory, enforcement, internal investigative and transactional matters, with particular expertise in privacy law, life sciences and digital health. He also has expertise in regulatory compliance, counseling clients on a range of matters, including health care fraud and abuse, third party reimbursement, data breach issues, data privacy and security, and FDA regulatory matters. He has substantial experience in pharmaceutical lifecycle management and competition issues, including the Hatch- Waxman Act and Biosimilars Price Competition and Innovations Act.

Ryan serves information technology companies, public and private health care companies, hospitals and physician organizations, manufacturers, medical device companies, and health plans. He guides venture capital groups, private equity funds, investment banks, and other investors on health care regulatory issues in connection with financing, mergers and acquisitions, and restructuring.

Ryan’s work is greatly informed by his experience as a teacher. Prior to attending law school, Ryan earned a master’s degree in education and taught at an under-resourced Catholic middle school. He is known for his ability to communicate clearly and to coordinate large teams working on complex matters. Outside of his health law practice, Ryan has been repeatedly recognized for his public service and pro bono work. He has successfully handled numerous education-related cases, helped establish three nonprofit organizations and defended qualified recipients of disability benefits.

Read more about Ryan P. Blaney
Show more Show less
Photo of Matthew J. Westbrook Matthew J. Westbrook

Matt is an associate in the Corporate Department and a member of the Health Care Group.  His practice focuses on providing regulatory compliance advice for the Firm’s health care clients, including service providers, health plans, operators, investors, and lenders, among others.  Matt specifically…

Matt is an associate in the Corporate Department and a member of the Health Care Group.  His practice focuses on providing regulatory compliance advice for the Firm’s health care clients, including service providers, health plans, operators, investors, and lenders, among others.  Matt specifically provides advice on fraud and abuse matters arising under the Federal False Claims Act (FCA), Civil Monetary Penalties Law (CMPL), Federal Anti-Kickback Statute (AKS), and Physician Self-Referral Law (Stark Law), as well as on the regulations promulgated by the Drug Enforcement Administration (DEA) and the Department of Health and Human Services, including the Office of Inspector General (OIG), Centers for Medicare & Medicaid Services (CMS), and Food and Drug Administration (FDA).

Read more about Matthew J. Westbrook
Show more Show less
Related Posts
Going Beyond HIPAA - Washington Health Privacy Law Enacted: Broad Reach, Amorphous Scope, Big Litigation Risk
May 1, 2023
FTC: LabMD Tests Positive for “Unfair” Security Practices
August 2, 2016
Regulators Offer Guidance on Privacy and Security for Health App Developers
April 18, 2016